Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
Re: [opensuse] Coordinated, distributed ssh attacks?
On Sun, 2009-10-04 at 19:02 +0200, Per Jessen wrote:
John Andersen wrote:

Per Jessen wrote:
Roger Oberholtzer wrote:

On Sat, 2009-10-03 at 17:27 +0200, Hans Witvliet wrote:


hence i would recommend using keys and disable all password-logins.
Other suggestion, use a VPN.
My ssh access is password protected. It is not so much that someone
gets in (although I keep an eye open), but rather all the attempts
eat resources.

Roger, that's almost certainly the first time I've heard anyone say
that - I couldn't care less about the resources wasted by ssh brute
force attacks (as long as they're not actually denial-of-service),
but I care a lot about anyone getting in.

The system that allows ssh access has only a few accounts. The few
passwords that exist are controlled and less than obvious. Perhaps they
might be found in a Martian dictionary. And it would have to be one of
the dead Martial languages you don't hear very often these days. I am
not trying to be cocky or over confident. I just wanted to point out
that the machine that is being attacked has little in the way of
accounts with simple minded passwords. Aside from ssh, it is a web
gateway to one specific internal machine, also with limited user
accounts and great control over passwords. Of course, no machine is
impregnable.

I think I will be moving sshd to another less-obvious port.

--
Roger Oberholtzer


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >